Recent change to bakery broke LXD #172
Comments
|
Going to run a git bisect on bakery to see what exactly broke us. |
|
Digging into this, we used to be able to authenticate then do follow-up queries without having to re-authenticate. Ever since the removal of time.Time (as was identified through bisect), we seem to have some kind of instant expiry and so have to re-authenticate for every single query. |
|
Adding the time caveat directly to our code base seems to fix things. Is that what we should be doing now? |
|
Ah, that's an interesting and unexpected consequence of removing the mandatory time-before caveat. It means that by default the macaroon that's created won't have any expiry time, so I guess that the code for inferring the expiry time for the cookie is getting it wrong and expiring the cookie immediately. Short answer is: yes, you should probably always add an expiry time to your macaroons - I just didn't want that to be a hard requirement. |
|
I'll take a look on Monday. |
Hi,
I just noticed the removal of the time argument to NewMacaroon and updated the LXD code to deal with this. However we're now seeing this failure:
https://jenkins.linuxcontainers.org/job/lxd-github-pull-test/3396/arch=amd64,backend=dir,compiler=golang-tip,restrict=lxd-priv/console
The text was updated successfully, but these errors were encountered: